Reddit DevOps
Jenkins server crashes when trying to build a React app.

Hey guys, this is probably a very entry-level question, but I couldn't find an answer on Mr. Google. I'm trying to set up a simple CI pipeline for the front-end section of a client. It's a React app with 60k lines of code. Initially my pipeline was running npm run build on every merge request but this caused the server holding Jenkins (4GB of RAM) to run out of RAM, ending the npm process. Now I'm running node --max_old_space_size=3096 node_modules/.bin/react-scripts build which seemed to work fine, but now the server is running out of RAM and sometimes even crashing the Jenkins instance.
I feel like I'm missing something, it doesn't seem like the app is that big. Should I double the RAM of the Jenkins instance?

https://redd.it/qsl7jy
@r_devops
In what stage to implement CIS

I have a requirement from infosec to implement CIS benchmarks. Would you put them in the packer stage so that the benchmarks are in the image or would you deploy the benchmarks later via config management?

I feel like the benchmarks are pretty static and all deployments will get it so they should be baked in the image.

https://redd.it/qspenk
@r_devops
#Kubernetes tutorial for beginners | Horizontal Pod Autoscaling in Kuber...

https://www.youtube.com/watch?v=3wITELXQGqE

Kubernetes tutorial for beginners | Horizontal Pod Scaling in Kubernetes

HPAs are stable resources in the autoscaling/v1 API group and their job is to scale the number of replicas in a Deployment based on observed CPU metrics. The autoscaling/v2 API allows scaling based on more than just CPU.

You define a Deployment that makes use of Pod resource requests, where each container in the Pod requests an amount of CPU. You deploy this to the cluster. You also create an HPA object that targets that Deployment and has a rule that says something like: if any Pod in this Deployment uses more than 60% of its requested CPU, spin up an additional Pod. Once the Deployment and HPA are deployed to the cluster, scaling operations become automatic.

One thing worth noting is that HPAs update the .spec.replicas field of the targeted Deployment. While this update is recorded against the Deployment object in the cluster store, it can lead to situations where the copy of the Deployment YAML file in your external version control system gets out of sync with what is currently observed on the cluster.

https://redd.it/qst81m
@r_devops
Podman vs Docker?

I keep hearing more about podman and I keep hearing worse things about docker (e.g. them charging for basic features).

What benefit does podman provide over docker? Does it have to do with it being purely open source? Is anyone using it in production?

Thanks!

https://redd.it/qstn3p
@r_devops
KodeKloud review?

How is KodeKloud for Docker/Kubernetes coursework? Anyone who has membership or tried it? I am deciding between KodeKloud or Udemy courses.

https://redd.it/qstixq
@r_devops
Spinnaker

I’m facing an error while deploying Spinnaker to K8s. The echo and front50 pods are failing, giving readiness probe and CrashLoopBackOff errors respectively.

https://redd.it/qt18pu
@r_devops
setup.py missing

First off, I want to start off by apologizing, I'm very new to the side of dev/ops, however I have been on the ops side for a while and trying to crack this dev egg.

That being said, I've been playing around with AWS CDK and Python, messing around with sample apps to build out cloud formation templates, and I noticed that I'm missing the setup.py file that is being shown in all the videos and screenshots. After spending some time uninstalling and reinstalling my node, npm, and cdk packages making sure the versions were all compatible, I went to google and reddit.

Upon searching, I found this fairly recent article: https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html

So from my very limited understanding, setup.py only existed to call out dependencies in your app, and now we're just doing that with the pip install command. Or am I way off base here and have no idea what I'm talking about? (likely)

https://redd.it/qt3iir
@r_devops
Is ELK stack really worth it?

I see so many uses of it, but the resources it consumes, and the criticism I get for spinning up an ELK stack makes me confused. Lemme know your opinions on ELK. If you use something else for handling logs, and monitoring, do let me know of that tool as well.


Edit: My needs are primarily to monitor my personal server, I had been using netdata for resource monitoring. I scaled up my server recently, and needed more persistent monitoring than just netdata.

https://redd.it/qt6isb
@r_devops
What is the average salary in Canada ( Toronto ) for Senior SRE/Devops having 10 yrs of overall experience?

Hi folks, I'm about to get a job in Canada (Toronto). I've almost finished all the rounds and the next step will be to negotiate the salary part. I'm from India and I work for a startup currently as Senior SRE. Overall I've 10 yrs of experience. I'm quite good when it comes to technical stuff and I aced the technical round and they have felt pretty good about me. This position is for Senior Devops / SRE role. Can you folks suggest to me how much I can ask for this role and if you are from Canada, can you let me know the average salary for the same?


Thanks in advance.

https://redd.it/qt8k4e
@r_devops
Port forwarding on linux

Hi guys. The task may be simpler than I think, but I'm stuck. I "work" at the university as a student and I have no boss to help me with this task. So the problem: There are 2 servers, call them AI2 and AI3. I need to connect to the uni vpn in order to ssh into them.

On AI2 we have a Virtual Machine, on which runs a SpeechToText API to which I should connect with a websocket from AI3. I can ssh from AI2 to VM on port 5022, and on port 8181 runs the API. I tried to forward a port from AI2 to the VM's 8181 port, but it doesn't work for some reason.

    ssh -L 3006:127.0.0.1:8181 -p 5022 <username>@AI2.com

I tried this command and it works well on my own pc, I can connect to the API, and it works fine, however, when I do the same on AI2, and try to connect to it (wss://<AI2's IP>:3006) from AI3, it gives a connection timed out error.

How can I solve this issue? If you need more information feel free to ask. Thank you guys.

https://redd.it/qsyts5
@r_devops
Docker, Nginx, Gunicorn resources?

I've been self-teaching myself computer science for a while now. I've created a stock portfolio web app in Python that has scheduled tasks to update the db and send notification emails. It's rudimentary but I'm proud of it. Locally everything works great. I dockerized everything and upgraded the flask app to use gunicorn and nginx for production. I have a domain name and think I configured the DNS correctly. Locally everything works correctly but when I clone the repo to a Linode server I get a 502 error.

This has been a really long journey (300+ hours) to get this far and to be honest I am very close to just giving up despite being so close to being able to show it to employers. To make things worse it's much harder for me to debug things on a VPS inside a docker image. I feel like I bit off too much to chew.

Does anyone have good books or resources to truly understand how docker, gunicorn, flask, and nginx work? Stackoverflow has been great but I really think if I was able to sit down with someone and walk through my project I could figure it out.

Here is what I think happens.

1. client asks to send a url request
2. the DNS resolves the url to <MY_INSTANCE_IP>
3. the client sends the request to <MY_INSTANCE_IP>:80
4. nginx is listening on port 80 and accepts the request
5. nginx sends the request to gunicorn
6. gunicorn serves the request to flask
7. flask does something
8. flask returns the response to gunicorn
9. gunicorn serves the response to nginx
10. nginx serves the response back to the client

https://redd.it/qtccdo
@r_devops
Simplifying AD/SAML/LDAP logins (Authentication Spaghetti)

I'm really not sure where else to post this, so forgive me if it's a bit out of the main scope for this sub.

Long story short (as best I can) due to companies buying companies, and all of the political issues that ensue, I'm left in a mess, trying to maintain a global platform with no one central piece of authentication.

* We have a legacy AD domain left over by one company, but the corporate direction is to move away from it. Several key systems still rely on this though.
* We have an Azure AD tenant which works for like 80% of things, but it doesn't help the unix/windows hosts that use the legacy AD for authentication.
* We have a lot of things tied into Okta (which is federated against our Azure AD) but there's no ability to take user groups into consideration there (unlike LDAP for example).

This is complicated further by my complete lack of knowledge in this area, the fact that anyone who knew anything has long since quit, no one who remains knows how to set anything up, and we don't have enough resources to properly implement something like Azure AD DS and LDAP-S.

So, I am in desperate need of some solution that allows me to try and pull it all together, a sort of middle man. This middle man would organize users into groups (so LDAP can work) and let Azure AD do the actual authentication. I need something a Windows Server can authenticate against, a Unix Box, web apps like BeyondTrust or Skybox and that allows all of them to make use of user groups so various users get the correct permissions to everything as soon as they are placed in a group.

Maybe [this diagram](https://viewer.diagrams.net/) will help visualize things a bit.

I think maybe something like Keycloak or Authelia (Identity Brokers??) could be the answer, but as I said, this is really over my head. I'm just a guy with very little experience or know-how in this, trying to find a way to make the impossible work when politics and internal bickering are stacked against him.

I'm pretty desperate at this point, so I'd be grateful for any assistance you guys can provide in pointing me in the right direction.

https://redd.it/qskn14
@r_devops
How to run only some tasks from an Ansible role

I have a role with a lot of tasks. When I include that role in my playbook, how do I run only tasks from the role with specific tags?

https://redd.it/qtgw29
@r_devops
Overwhelmed with so much to learn :(

I’m an Azure cloud engineer with a Windows sys engineer background, I’m about 6 months into the job and have learned quite a lot about Azure DevOps but still feel I’m missing a lot of skills to become a full DevOps engineer focused role.

There’s just so many things to learn, I don’t know how it’s possible to learn them all: AWS, Python, Powershell, Jenkins, Ansible, Terraform, kubernetes, the list goes on…

How do you up skill when there is so much to learn? Do I just simply start with 1 focus point and move on to the next?

To summarise, I only have exposure with Azure, M365, Azure DevOps but I haven’t done much creating of my own pipelines or automation. I also don’t have a strong coding background.

Appreciate any advice!

https://redd.it/qtlhjo
@r_devops
Dockerless containers with Podman on MacOS

Docker the company has been throwing wrenches lately into what used to be a smooth user experience with their new Terms of Service for Docker Desktop and various limits imposed on image pulls from DockerHub. Understandably, many people have been looking for alternatives which are easier to implement on Linux but not so much on MacOS.

We are showing here a way to build and use containers on a Mac without Docker, using Podman.

https://gokloudtech.com/index.php/2021/11/13/dockerless-containers-with-podman-on-macos/

https://redd.it/qthao4
@r_devops
Python Selenium Debugging

I have the following [webpage](https://i.imgur.com/gZLwTgh.png) . I'm trying to double click the "Blocked_IPs" text.

This is the code that interacts with it:

    blocked_ips = driver.find_elements_by_xpath('//td[contains(.,"Blocked_IPs")]')
    print(len(blocked_ips), blocked_ips)
    action = ActionChains(driver)
    action.double_click(blocked_ips[0])

Problem is, it just doesn't seem to double click it. When I do it manually, it works. When I execute the code, it doesn't. There's only one occurrence of the word "Blocked_IPs". This is the output in the terminal:

    1 [<selenium.webdriver.remote.webelement.WebElement (session="82b277a5f85cbb202f5cd57c0b800f3b", element="530b1a15-a190-401c-8495-921777f8fa84")>]

Does anyone happen to know why it's not working? How can I test it? Thanks ahead!

https://redd.it/qtq1ok
@r_devops
If you could automate any troubleshooting workflow for k8s errors, what would it be?

You all have a series of checks and processes you go through to find the root cause every time there's a recurring error. Which of your workflows would you like to automate? Imagine every time you got XXXX error it resolved on its own.
For example, when I get an ImagePullBackOff error I check for changes in the image tag and repo, then I verify that the repo is specified, then if it's a secret I check to see if it's expired or misconfigured, etc. And each one of those checks can branch out and spiral into endless steps and iterations until I find the root cause. And that's one of the (relatively) simple errors.


If I had to choose I'd go with OOMKilled, since it's so recurring and annoying to debug. What would you choose?

https://redd.it/qtpu8f
@r_devops
CI CD for low level Linux and kernel modules

Hi all,

How do you guys do CI CD with kernel modules?

Do you just set up VMs with proper kernel configurations and run your jobs on them through jenkins or gitlab ci?

Did you manage to do them through docker containers and somehow make it work? If so, how did you do it?

I would love to hear from all of you devops people who work in embedded linux and kernel development, how do you guys work on such projects?

https://redd.it/qto0ly
@r_devops
One platform, one tool.

What if you could do everything from one platform? From CI/CD to cluster deployments, and perhaps even deploy your regular infra tools.

https://redd.it/qt995v
@r_devops